16.24. taler-auditor.conf(5)

16.24.1. Name

taler-auditor.conf - Taler auditor configuration file

16.24.2. Description

The configuration file is line-oriented. Blank lines and whitespace at the beginning and end of a line are ignored. Comments start with # or % in the first column (after any beginning-of-line whitespace) and go to the end of the line.

The file is split into sections. Every section begins with [SECTIONNAME] and contains a number of options of the form OPTION=VALUE. There may be whitespace around the = (equal sign). Section names and options are case-insensitive.

The values, however, are case-sensitive. In particular, boolean values are one of YES or NO. Values can include whitespace by surrounding the entire value with " (double quote). Note, however, that there are no escape characters in such strings; all characters between the double quotes (including other double quotes) are taken verbatim.

Values that represent a time duration are represented as a series of one or more NUMBER UNIT pairs, e.g. 60 s, 4 weeks 1 day, 5 years 2 minutes.

Values that represent an amount are in the usual amount syntax: CURRENCY:VALUE.FRACTION, e.g. EUR:1.50. The FRACTION portion may extend up to 8 places.

Values that represent filenames can begin with a /bin/sh-like variable reference. This can be simple, such as $TMPDIR/foo, or complex, such as ${TMPDIR:-${TMP:-/tmp}}/foo. The variables are expanded either using key-values from the [PATHS] section (see below) or from the environment (getenv()). The values from [PATHS] take precedence over those from the environment. If the variable name is found in neither [PATHS] nor the environment, a warning is printed and the value is left unchanged. Variables (including those from the environment) are expanded recursively, so if FOO=$BAR and BAR=buzz then the result is FOO=buzz. Recursion is bounded to at most 128 levels to avoid undefined behavior for mutually recursive expansions like if BAR=$FOO in the example above.

The [PATHS] section is special in that it contains paths that can be referenced using $ in other configuration values that specify filenames. Note that configuration options that are not specifically retrieved by the application as filenames will not see “$”-expressions expanded. To expand $-expressions when using taler-config, you must pass the -f command-line option.

The system automatically pre-populates the [PATHS] section with a few values at run-time (in addition to the values that are in the actual configuration file and automatically overwriting those values if they are present). These automatically generated values refer to installation properties from GNU autoconf. The values are usually dependent on an INSTALL_PREFIX which is determined by the --prefix option given to configure. The canonical values are:

  • LIBEXECDIR = $INSTALL_PREFIX/taler/libexec/

  • DOCDIR = $INSTALL_PREFIX/share/doc/taler/

  • ICONDIR = $INSTALL_PREFIX/share/icons/

  • LOCALEDIR = $INSTALL_PREFIX/share/locale/

  • PREFIX = $INSTALL_PREFIX/

  • BINDIR = $INSTALL_PREFIX/bin/

  • LIBDIR = $INSTALL_PREFIX/lib/taler/

  • DATADIR = $INSTALL_PREFIX/share/taler/

Note that on some platforms, the given paths may differ depending on how the system was compiled or installed, the above are just the canonical locations of the various resources. These automatically generated values are never written to disk.

Files containing default values for many of the options described below are installed under $TALER_AUDITOR_PREFIX/share/taler-auditor/config.d/. The configuration file given with -c to Taler binaries overrides these defaults.

A configuration file may include another, by using the @INLINE@ directive, for example, in main.conf, you could write @INLINE@ sub.conf to include the entirety of sub.conf at that point in main.conf.

Be extra careful when using taler-auditor-config -V VALUE to change configuration values: it will destroy all uses of @INLINE@ and furthermore remove all comments from the configuration file!

16.24.2.1. GLOBAL OPTIONS

The “[PATHS]” section is special in that it contains paths that can be referenced using “$” in other configuration values that specify filenames. For Taler, it commonly contains the following paths:

TALER_HOME

Home directory of the user, usually “${HOME}”. Can be overwritten by testcases by setting ${TALER_TEST_HOME}.

TALER_DATA_HOME

Where should Taler store its long-term data. Usually “${TALER_HOME}/.local/share/taler-auditor/”.

TALER_CONFIG_HOME

Where is the Taler configuration kept. Usually “${TALER_HOME}/.config/taler-auditor/”.

TALER_CACHE_HOME

Where should Taler store cached data. Usually “${TALER_HOME}/.cache/taler-auditor/”.

TALER_RUNTIME_DIR

Where should Taler store system runtime data (like UNIX domain sockets). Usually “${TMP}/taler-auditor-runtime”.

16.24.2.2. CURRENCY SPECIFICATIONS

Sections with a name of the form “[currency-$NAME]” (where “$NAME” could be any unique string) are used to specify details about how currencies should be handled (and in particularly rendered) by the user interface. A detailed motivation for this section can be found in DD51. Different components can have different rules for the same currency. For example, a bank or merchant may decide to render Euros or Dollars with always exactly two fractional decimals, while an Exchange for the same currency may support additional decimals. The required options in each currency specification section are:

ENABLED

Set to YES or NO. If set to NO, the currency specification section is ignored. Can be used to disable currencies or select alternative sections for the same CODE with different choices.

CODE

Code name for the currency. Can be at most 11 characters, only the letters A-Z are allowed. Primary way to identify the currency in the protocol.

NAME

Long human-readable name for the currency. No restrictions, but should match the official name in English.

FRACTIONAL_INPUT_DIGITS

Number of fractional digits that users are allowed to enter manually in the user interface.

FRACTIONAL_NORMAL_DIGITS

Number of fractional digits that will be rendered normally (in terms of size and placement). Digits shown beyond this number will typically be rendered smaller and raised (if possible).

FRACTIONAL_TRAILING_ZERO_DIGITS

Number of fractional digits to pad rendered amounts with even if these digits are all zero. For example, use 2 to render 1 USD as $1.00.

ALT_UNIT_NAMES

JSON map determining how to encode very large or very tiny amounts in this currency. Maps a base10 logarithm to the respective currency symbol. Must include at least an entry for 0 (currency unit). For example, use {“0”:”€”} for Euros or “{“0”:”$”} for Dollars. You could additionally use {“0”:”€”,”3”:”k€”} to render 3000 EUR as 3k€. For BTC a typical map would be {“0”:”BTC”,”-3”:”mBTC”}, informing the UI to render small amounts in milli-Bitcoin (mBTC).

16.24.2.3. EXCHANGE DATABASE OPTIONS

The following options must be in the section “[exchangedb]”.

IDLE_RESERVE_EXPIRATION_TIME

After which time period should reserves be closed if they are idle?

LEGAL_RESERVE_EXPIRATION_TIME

After what time do we forget about (drained) reserves during garbage collection?

AGGREGATOR_SHIFT

Delay between a deposit being eligible for aggregation and the aggregator actually triggering.

DEFAULT_PURSE_LIMIT

Number of concurrent purses that a reserve may have active if it is paid to be opened for a year.

MAX_AML_PROGRAM_RUNTIME

Maximum time an AML program is allowed to run. (Optional for taler-auditor.)

16.24.2.4. EXCHANGE POSTGRES BACKEND DATABASE OPTIONS

The following options must be in section “[exchangedb-postgres]” if the “postgres” plugin was selected for the database.

CONFIG

How to access the database, e.g. “postgres:///taler-exchange” to use the “taler-exchange” database. Testcases use “talercheck”.

16.24.2.5. EXCHANGE ACCOUNT OPTIONS

An exchange (or merchant) can have multiple bank accounts. The following options are for sections named “[exchange-account-SOMETHING]”. The SOMETHING is arbitrary and should be chosen to uniquely identify the bank account for the operator. These options are used by the taler-exchange-aggregator, taler-exchange-closer, taler-exchange-transfer and taler-exchange-wirewatch tools.

PAYTO_URI

Specifies the full payto://-URL of the account. The general format is payto://$METHOD/$DETAILS?receiver-name=NAME. Examples: payto://x-taler-bank/localhost:8899/Exchange?receiver-name=Exchange or payto://iban/GENODEF1SLR/DE67830654080004822650/?receiver-name=Exchange or payto://iban/DE67830654080004822650/?receiver-name=Exchange (providing the BIC is optional).

ENABLE_DEBIT

Must be set to YES for the accounts that the taler-exchange-aggregator and taler-exchange-closer should debit.

ENABLE_CREDIT

Must be set to YES for the accounts that the taler-exchange-wirewatch should check for credits. It is yet uncertain if the merchant implementation may check this flag as well.

Additionally, for each enabled account there MUST be another matching section named “[exchange-accountcredentials-SOMETHING]”. This section SHOULD be in a secret/ configuration file that is only readable for the taler-exchange-wirewatch and taler-exchange-transfer processes. It contains the credentials to access the bank account:

WIRE_GATEWAY_URL

URL of the wire gateway. Typically of the form https://$HOSTNAME[:$PORT]/taler-wire-gateway/$USERNAME/ where $HOSTNAME is the hostname of the system running the bank (such as the Taler Python bank or the Nexus) and $USERNAME is the username of the exchange’s bank account (usually matching the USERNAME option used for authentication). Example: https://bank.demo.taler.net/taler-wire-gateway/Exchange/.

WIRE_GATEWAY_AUTH_METHOD

This option determines how the exchange (auditor/wirewatch/aggregator) authenticates with the wire gateway. Choices are basic, bearer and none.

USERNAME

User name for basic authentication with the wire gateway.

PASSWORD

Password for basic authentication with the wire gateway.

TOKEN

Token for bearer authentication with the wire gateway.

16.24.2.6. EXCHANGE COIN OPTIONS

The following options must be in sections starting with "[coin_]" and are largely used by taler-exchange-httpd to determine the meta data for the denomination keys. Some of the options are used by the taler-exchange-secmod-rsa to determine which RSA keys to create (and of what key length). Note that the section names must match, so this part of the configuration MUST be shared between the RSA helper and the exchange. Configuration values MUST NOT be changed in a running setup. Instead, if parameters for a denomination type are to change, a fresh section name should be introduced (and the existing section should be deleted).

VALUE

Value of the coin, e.g. “EUR:1.50” for 1 Euro and 50 Cents (per coin).

DURATION_WITHDRAW

How long should the same key be used for clients to withdraw coins of this value?

DURATION_SPEND

How long do clients have to spend these coins?

DURATION_LEGAL

How long does the exchange have to keep records for this denomination?

FEE_WITHDRAW

What fee is charged for withdrawal?

FEE_DEPOSIT

What fee is charged for depositing?

FEE_REFRESH

What fee is charged for refreshing?

FEE_REFUND

What fee is charged for refunds? When a coin is refunded, the deposit fee is returned. Instead, the refund fee is charged to the customer.

CIPHER

What cryptosystem should be used? Must be set to either “CS” or “RSA”. The respective crypto-helper will then generate the keys for this denomination.

RSA_KEYSIZE

What is the RSA keysize modulos (in bits)? Only used if “CIPHER=RSA”.

AGE_RESTRICTED

Setting this option to YES marks the denomination as age restricted (default is NO). For this option to be accepted the extension for age restriction MUST be enabled.

16.24.2.7. EXCHANGE OPTIONS

The following options are from the “[exchange]” section and used by the auditor.

CURRENCY

Name of the currency, e.g. “EUR” for Euro.

CURRENCY_ROUND_UNIT

Smallest amount in this currency that can be transferred using the underlying RTGS. For example: “EUR:0.01” or “JPY:1”.

DB

Plugin to use for the database, e.g. “postgres”.

16.24.2.8. AUDITOR OPTIONS

The following options must be in section “[auditor]” for the Taler auditor.

DB

Plugin to use for the database, e.g. “postgres”

AUDITOR_PRIV_FILE

Name of the file containing the auditor’s private key.

PUBLIC_KEY

Crockford Base32 encoded auditor public key. Used by (online) auditor processes that do not have access to the (offline) auditor private key file.

BASE_URL

Base URL of the auditor, e.g. “https://auditor.demo.taler.net/

SERVE

Should the HTTP server listen on a UNIX domain socket (set option to “unix”) or on a TCP socket (set option to “tcp”)?

UNIXPATH

Path to listen on if we “SERVE” is set to “unix”.

UNIXPATH_MODE

Access permission mask to use for the “UNIXPATH”.

PORT

Port on which the HTTP server listens, e.g. 8080.

BIND_TO

Hostname to which the merchant HTTP server should be bound to, e.g. “localhost”.

16.24.2.9. AUDITOR POSTGRES BACKEND DATABASE OPTIONS

The following options must be in section “[auditordb-postgres]” if the “postgres” plugin was selected for the database.

CONFIG

How to access the database, e.g. “postgres:///taler” to use the “taler” database. Testcases use “talercheck”.

16.24.3. SEE ALSO

taler-auditor-dbinit(1), taler-auditor-httpd(1), taler-auditor-offline(1).

16.24.4. BUGS

Report bugs by using https://bugs.taler.net/ or by sending electronic mail to <taler@gnu.org>.